From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#10617: 24.0.92; Bidi crash reading a message from emacs-devel
Date: Mon, 30 Jan 2012 21:03:38 +0200
Message-ID: <83r4yhqagl.fsf@gnu.org>
References: <87ehumm6jt.fsf@spindle.srvr.nix> <83pqe5zfd6.fsf@gnu.org> <87vcnt5a7v.fsf@spindle.srvr.nix>
To: Nix
Cc: 10617@debbugs.gnu.org

> From: Nix
> Cc: 10617@debbugs.gnu.org
> Emacs: is that a Lisp interpreter in your editor, or are you just happy to see me?
> Date: Mon, 30 Jan 2012 18:14:28 +0000
>
> On 27 Jan 2012, Eli Zaretskii spake thusly:
>
> >> From: Nix
> >> Emacs: no job too big... no job.
> >> Date: Thu, 26 Jan 2012 22:40:22 +0000
> >>
> >> I just got a bidi crash reading an emacs-devel message in Gnus (bzr
> >> r106941).
> >
> > I'm curious: why do you think this crash has anything to do with bidi?
> > There are no bidi-related functions anywhere in the backtrace you
> > show.
>
> Oh. Maybe I jumped to conclusions, but the fact that I got it when
> viewing a heavily-bidi message roused suspicions too strong to see past

Arabic text is special in that it uses character compositions, not
only bidi display. And the crash is inside code that handles
character compositions.

> >> It is quite clear from the backtrace that the second parameter to
> >> char_table_ref() has been garbaged, apparently being set to 2^32/1000
> >> (again, passing strange).
> >
> > Sorry, I don't believe backtraces from optimized builds, they lie
> > through their teeth.
>
> Backtraces from optimized GCC builds on x86_64 Linux (and, on modern
> GCC's, on i386 too) don't work by doing frame pointer walking anymore,
> they do DWARF walking. If that lies, the stack is severely corrupted and
> exception handling will also crash: perhaps not terribly relevant for
> most C programs but still a sign that keeping this particular data
> structure un-fudged-up is considered important. (There are the usual
> modifications due to inlining and sibcalls but they are easy to
> compensate for.)
>
> So it's a good bit more reliable than it used to be. You can generally
> rely on the function names being valid.

The problem is that (a) static functions inlined by the compiler don't
always appear in the backtraces, and (b) too many arguments in the
calls are not shown ("optimized out") or shown with incorrect values.

> > It would be interesting to see it->current, it->position, it->sp, and
> > it->string in frames #6 and #8.
>
> Frame 6:
>
> (gdb) print it->current
> $3 = {
>   pos = {
>     charpos = 1430,
>     bytepos = 1394
>   },
>   overlay_string_index = -1,
>   string_pos = {
>     charpos = -1,
>     bytepos = -1
>   },
>   dpvec_index = -1
> }
> (gdb) print it->position
> $4 = {
>   charpos = 1430,
>   bytepos = 1394
> }

If bytepos is smaller than charpos, it generally means trouble...

> (gdb) print it->sp
> $5 = 0
> (gdb) print it->string
> $6 = 12065314

What does "xtype" say about this string? If it says Lisp_String, what
does "xstring" say?
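
An added example, not part of the message above and not Emacs source code: a consistency check for the charpos/bytepos pair shown in the gdb output. It assumes a UTF-8 buffer and 1-based positions; `struct text_pos`, `check_text_pos` and the sample buffer are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical mirror of the charpos/bytepos pair printed by gdb above. */
struct text_pos { long charpos; long bytepos; };

enum pos_status { POS_OK, POS_OUT_OF_RANGE, POS_BYTE_LT_CHAR,
                  POS_MID_CHARACTER, POS_COUNT_MISMATCH };

/* A UTF-8 continuation byte has the bit pattern 10xxxxxx. */
static int is_continuation(unsigned char b) { return (b & 0xC0) == 0x80; }

/* Validate a 1-based (charpos, bytepos) pair against a UTF-8 buffer. */
enum pos_status check_text_pos(const unsigned char *buf, size_t len,
                               struct text_pos p)
{
    if (p.charpos < 1 || p.bytepos < 1)
        return POS_OUT_OF_RANGE;
    /* Every character occupies at least one byte, so bytepos >= charpos. */
    if (p.bytepos < p.charpos)
        return POS_BYTE_LT_CHAR;
    if ((size_t)p.bytepos > len + 1)          /* len + 1 is end of buffer */
        return POS_OUT_OF_RANGE;
    /* The byte position must not point into the middle of a character. */
    if ((size_t)p.bytepos <= len && is_continuation(buf[p.bytepos - 1]))
        return POS_MID_CHARACTER;
    /* Count the characters that start before bytepos. */
    long chars = 0;
    for (long i = 0; i < p.bytepos - 1; i++)
        if (!is_continuation(buf[i]))
            chars++;
    return chars + 1 == p.charpos ? POS_OK : POS_COUNT_MISMATCH;
}

/* Constructed sample: "ab", ARABIC LETTER SEEN (U+0633 = D8 B3), "c". */
static const unsigned char sample[] = { 'a', 'b', 0xD8, 0xB3, 'c' };

int main(void)
{
    struct text_pos reported = { 1430, 1394 };  /* values from the gdb output */
    struct text_pos good = { 4, 5 };            /* the 'c' in the sample */
    printf("reported pair: %d\n",
           check_text_pos(sample, sizeof sample, reported));
    printf("good pair:     %d\n",
           check_text_pos(sample, sizeof sample, good));
    return 0;
}
```

The ordering check runs before the range check, so the pair from the gdb output is rejected as `POS_BYTE_LT_CHAR` whatever the buffer contents are.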